Reports
You can query for a report associated with an Account or a Repository. You can do so by querying for the reports field in the Account or Repository objects. Account.reports contains all the reports available for an Account. Repository.reports contains all the reports available for a Repository.
Fetching the OWASP Top 10 report for a repository
Query:repository:report:owaspTop10
Query for fetching the OWASP Top 10 report associated with a Repository.
Sample Request
query (
  $name: String!
  $login: String!
  $vcsProvider: VCSProvider!
  $startDate: Date!
  $endDate: Date!
) {
  repository(name: $name, login: $login, vcsProvider: $vcsProvider) {
    reports {
      owaspTop10 {
        key
        title
        currentValue
        status
        values(startDate: $startDate, endDate: $endDate) {
          date
          values {
            key
            value
          }
        }
        trends {
          label
          value
          changePercentage
        }
        securityIssueStats {
          key
          title
          occurrence {
            critical
            major
            minor
            total
          }
        }
      }
    }
  }
}
Sample Response
{
"data": {
"repository": {
"reports": {
"owaspTop10": {
"key": "OWASP_TOP_10",
"title": "OWASP Top 10",
"currentValue": 12,
"status": "FAILING",
"values": [
{
"date": "2022-12-09",
"values": [
{
"key": "count",
"value": 12
}
]
},
{
"date": "2022-12-10",
"values": [
{
"key": "count",
"value": 12
}
]
},
{
"date": "2022-12-11",
"values": [
{
"key": "count",
"value": 12
}
]
},
{
"date": "2022-12-12",
"values": [
{
"key": "count",
"value": 12
}
]
}
],
"trends": [
{
"label": "1 Month Ago",
"value": 13,
"changePercentage": -7.0
},
{
"label": "3 Months Ago",
"value": 14,
"changePercentage": -14.0
},
{
"label": "6 Months Ago",
"value": 14,
"changePercentage": -14.0
},
{
"label": "12 Months Ago",
"value": null,
"changePercentage": null
}
],
"securityIssueStats": [
{
"key": "A01",
"title": "Broken Access Control",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A02",
"title": "Cryptographic Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 3,
"total": 3
}
},
{
"key": "A03",
"title": "Injection",
"occurrence": {
"critical": 0,
"major": 2,
"minor": 0,
"total": 2
}
},
{
"key": "A04",
"title": "Insecure Design",
"occurrence": {
"critical": 0,
"major": 6,
"minor": 0,
"total": 6
}
},
{
"key": "A05",
"title": "Security Misconfiguration",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 3,
"total": 3
}
},
{
"key": "A06",
"title": "Vulnerable and Outdate components",
"occurrence": {
"critical": 0,
"major": 3,
"minor": 0,
"total": 3
}
},
{
"key": "A07",
"title": "Identification and Authentication Failures",
"occurrence": {
"critical": 0,
"major": 1,
"minor": 0,
"total": 1
}
},
{
"key": "A08",
"title": "Software and Data Integrity Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A09",
"title": "Security Logging and Monitoring Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A10",
"title": "Server-Side Request Forgery (SSRF)",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
}
]
}
}
}
}
}
Fetching the OWASP Top 10 report for an account
Query:account:report:owaspTop10
Query for fetching the OWASP Top 10 report associated with an Account.
Sample Request
query (
  $login: String!
  $vcsProvider: VCSProvider!
  $startDate: Date!
  $endDate: Date!
) {
  account(login: $login, vcsProvider: $vcsProvider) {
    reports {
      owaspTop10 {
        key
        title
        currentValue
        status
        values(startDate: $startDate, endDate: $endDate) {
          date
          values {
            key
            value
          }
        }
        trends {
          label
          value
          changePercentage
        }
        securityIssueStats {
          key
          title
          occurrence {
            critical
            major
            minor
            total
          }
        }
      }
    }
  }
}
Sample Response
{
"data": {
"account": {
"reports": {
"owaspTop10": {
"key": "OWASP_TOP_10",
"title": "OWASP Top 10",
"currentValue": 144,
"status": "FAILING",
"values": [
{
"date": "2022-12-09",
"values": [
{
"key": "count",
"value": 144
}
]
},
{
"date": "2022-12-10",
"values": [
{
"key": "count",
"value": 144
}
]
},
{
"date": "2022-12-11",
"values": [
{
"key": "count",
"value": 144
}
]
},
{
"date": "2022-12-12",
"values": [
{
"key": "count",
"value": 144
}
]
}
],
"trends": [
{
"label": "1 Month Ago",
"value": 35,
"changePercentage": 311.0
},
{
"label": "3 Months Ago",
"value": 35,
"changePercentage": 311.0
},
{
"label": "6 Months Ago",
"value": 22,
"changePercentage": 554.0
},
{
"label": "12 Months Ago",
"value": null,
"changePercentage": null
}
],
"securityIssueStats": [
{
"key": "A01",
"title": "Broken Access Control",
"occurrence": {
"critical": 2,
"major": 28,
"minor": 2,
"total": 32
}
},
{
"key": "A02",
"title": "Cryptographic Failures",
"occurrence": {
"critical": 3,
"major": 8,
"minor": 8,
"total": 19
}
},
{
"key": "A03",
"title": "Injection",
"occurrence": {
"critical": 1,
"major": 37,
"minor": 1,
"total": 39
}
},
{
"key": "A04",
"title": "Insecure Design",
"occurrence": {
"critical": 0,
"major": 9,
"minor": 0,
"total": 9
}
},
{
"key": "A05",
"title": "Security Misconfiguration",
"occurrence": {
"critical": 1,
"major": 11,
"minor": 8,
"total": 20
}
},
{
"key": "A06",
"title": "Vulnerable and Outdate components",
"occurrence": {
"critical": 0,
"major": 6,
"minor": 0,
"total": 6
}
},
{
"key": "A07",
"title": "Identification and Authentication Failures",
"occurrence": {
"critical": 0,
"major": 2,
"minor": 0,
"total": 2
}
},
{
"key": "A08",
"title": "Software and Data Integrity Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A09",
"title": "Security Logging and Monitoring Failures",
"occurrence": {
"critical": 63,
"major": 0,
"minor": 0,
"total": 63
}
},
{
"key": "A10",
"title": "Server-Side Request Forgery (SSRF)",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
}
]
}
}
}
}
}
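One way to consume the owaspTop10 payloads returned by the repository and account queries above, as an added example that is not part of the original documentation. `triage_owasp_report` is a hypothetical helper, and the embedded input is the repository sample response trimmed to four categories and two trend entries.

```python
import json

# Constructed input: the repository sample response from this page, trimmed
# to four categories and two trend entries to keep the example short.
SAMPLE = json.loads("""
{"data": {"repository": {"reports": {"owaspTop10": {
  "key": "OWASP_TOP_10", "currentValue": 12, "status": "FAILING",
  "trends": [
    {"label": "1 Month Ago", "value": 13, "changePercentage": -7.0},
    {"label": "12 Months Ago", "value": null, "changePercentage": null}],
  "securityIssueStats": [
    {"key": "A01", "title": "Broken Access Control",
     "occurrence": {"critical": 0, "major": 0, "minor": 0, "total": 0}},
    {"key": "A02", "title": "Cryptographic Failures",
     "occurrence": {"critical": 0, "major": 0, "minor": 3, "total": 3}},
    {"key": "A03", "title": "Injection",
     "occurrence": {"critical": 0, "major": 2, "minor": 0, "total": 2}},
    {"key": "A04", "title": "Insecure Design",
     "occurrence": {"critical": 0, "major": 6, "minor": 0, "total": 6}}]
}}}}}
""")

SEVERITIES = ("critical", "major", "minor")


def triage_owasp_report(payload, scope="repository"):
    """Summarise an owaspTop10 report for `scope` ("repository" or "account").

    Hypothetical helper, not part of the API: ranks the categories that have
    findings, flags rows whose severity counts do not add up to `total`, and
    keeps only the trend entries that carry data.
    """
    report = payload["data"][scope]["reports"]["owaspTop10"]
    ranked, inconsistent = [], []
    for stat in report["securityIssueStats"]:
        occ = stat["occurrence"]
        counts = tuple(occ[s] for s in SEVERITIES)
        if sum(counts) != occ["total"]:
            inconsistent.append(stat["key"])
        if occ["total"] > 0:
            ranked.append((counts, stat["key"], stat["title"]))
    # Highest critical count first, then major, then minor.
    ranked.sort(key=lambda row: row[0], reverse=True)
    # The samples return null value/changePercentage for some periods; skip them.
    trends = {t["label"]: t["changePercentage"]
              for t in report["trends"] if t["value"] is not None}
    return {
        "failing": report["status"] == "FAILING",
        "current": report["currentValue"],
        "ranked": [(key, title, dict(zip(SEVERITIES, counts)))
                   for counts, key, title in ranked],
        "category_total": sum(sum(counts) for counts, _, _ in ranked),
        "inconsistent": inconsistent,
        "trends": trends,
    }


if __name__ == "__main__":
    summary = triage_owasp_report(SAMPLE)
    print("failing:", summary["failing"], "| current value:", summary["current"])
    for key, title, counts in summary["ranked"]:
        print(key, title, counts)
    print("trends with data:", summary["trends"])
```

In the full samples above, the per-category totals add up to 18 (repository) and 190 (account) while currentValue is 12 and 144, so report both figures rather than substituting one for the other.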
Fetching a report for a repository [Deprecated]
The Query:repository:report field is deprecated in favor of the Query:repository:reports field.
Query:repository:report
Query for fetching a report associated with a Repository.
Sample Request
query($name: String!, $login: String!, $vcsProvider: VCSProvider!, $reportKey: ReportKey!, $startDate: Date!, $endDate: Date!) {
  repository(name: $name, login: $login, vcsProvider: $vcsProvider) {
    report(key: $reportKey) {
      key
      title
      currentValue
      status
      historicalValues(startDate: $startDate, endDate: $endDate) {
        date
        values {
          key
          value
        }
      }
      trends {
        label
        value
        rate
      }
      ... on ComplianceReport {
        complianceIssueStats {
          key
          title
          occurrence {
            critical
            major
            minor
            total
          }
        }
      }
      ... on IssueDistributionReport {
        issueDistributionByAnalyzer {
          key
          value
        }
        issueDistributionByCategory {
          key
          value
        }
      }
    }
  }
}
Sample Response
{
"data": {
"repository": {
"report": {
"key": "OWASP_TOP_10",
"title": "OWASP Top 10",
"currentValue": 15,
"status": "FAILING",
"historicalValues": [
{
"date": "2022-07-01",
"values": [
{
"key": "count",
"value": 15
}
]
}
],
"trends": [
{
"label": "1 Month Ago",
"value": null,
"rate": null
},
{
"label": "3 Months Ago",
"value": null,
"rate": null
},
{
"label": "6 Months Ago",
"value": null,
"rate": null
},
{
"label": "12 Months Ago",
"value": null,
"rate": null
}
],
"complianceIssueStats": [
{
"key": "A01",
"title": "Broken Access Control",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A02",
"title": "Cryptographic Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 3,
"total": 3
}
},
{
"key": "A03",
"title": "Injection",
"occurrence": {
"critical": 0,
"major": 3,
"minor": 0,
"total": 3
}
},
{
"key": "A04",
"title": "Insecure Design",
"occurrence": {
"critical": 0,
"major": 8,
"minor": 0,
"total": 8
}
},
{
"key": "A05",
"title": "Security Misconfiguration",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 3,
"total": 3
}
},
{
"key": "A06",
"title": "Vulnerable and Outdate components",
"occurrence": {
"critical": 0,
"major": 3,
"minor": 0,
"total": 3
}
},
{
"key": "A07",
"title": "Identification and Authentication Failures",
"occurrence": {
"critical": 0,
"major": 1,
"minor": 0,
"total": 1
}
},
{
"key": "A08",
"title": "Software and Data Integrity Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A09",
"title": "Security Logging and Monitoring Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A10",
"title": "Server-Side Request Forgery (SSRF)",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
}
]
}
}
}
}
Fetching a report for an account [Deprecated]
The Query:account:report field is deprecated in favor of the Query:account:reports field.
Query:account:report
Query for fetching a report associated with an Account.
Sample Request
query($login: String!, $vcsProvider: VCSProvider!, $reportKey: ReportKey!, $startDate: Date!, $endDate: Date!) {
  account(login: $login, vcsProvider: $vcsProvider) {
    report(key: $reportKey) {
      key
      title
      currentValue
      status
      historicalValues(startDate: $startDate, endDate: $endDate) {
        date
        values {
          key
          value
        }
      }
      trends {
        label
        value
        rate
      }
      ... on ComplianceReport {
        complianceIssueStats {
          key
          title
          occurrence {
            critical
            major
            minor
            total
          }
        }
      }
      ... on IssueDistributionReport {
        issueDistributionByAnalyzer {
          key
          value
        }
        issueDistributionByCategory {
          key
          value
        }
      }
    }
  }
}
Sample Response
{
"data": {
"account": {
"report": {
"key": "OWASP_TOP_10",
"title": "OWASP Top 10",
"currentValue": 138,
"status": "FAILING",
"historicalValues": [
{
"date": "2022-07-01",
"values": [
{
"key": "count",
"value": 138
}
]
}
],
"trends": [
{
"label": "1 Month Ago",
"value": null,
"rate": null
},
{
"label": "3 Months Ago",
"value": null,
"rate": null
},
{
"label": "6 Months Ago",
"value": null,
"rate": null
},
{
"label": "12 Months Ago",
"value": null,
"rate": null
}
],
"complianceIssueStats": [
{
"key": "A01",
"title": "Broken Access Control",
"occurrence": {
"critical": 1,
"major": 16,
"minor": 2,
"total": 19
}
},
{
"key": "A02",
"title": "Cryptographic Failures",
"occurrence": {
"critical": 2,
"major": 7,
"minor": 8,
"total": 17
}
},
{
"key": "A03",
"title": "Injection",
"occurrence": {
"critical": 2,
"major": 25,
"minor": 2,
"total": 29
}
},
{
"key": "A04",
"title": "Insecure Design",
"occurrence": {
"critical": 0,
"major": 13,
"minor": 0,
"total": 13
}
},
{
"key": "A05",
"title": "Security Misconfiguration",
"occurrence": {
"critical": 2,
"major": 11,
"minor": 8,
"total": 21
}
},
{
"key": "A06",
"title": "Vulnerable and Outdate components",
"occurrence": {
"critical": 0,
"major": 6,
"minor": 0,
"total": 6
}
},
{
"key": "A07",
"title": "Identification and Authentication Failures",
"occurrence": {
"critical": 0,
"major": 2,
"minor": 0,
"total": 2
}
},
{
"key": "A08",
"title": "Software and Data Integrity Failures",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
},
{
"key": "A09",
"title": "Security Logging and Monitoring Failures",
"occurrence": {
"critical": 63,
"major": 0,
"minor": 0,
"total": 63
}
},
{
"key": "A10",
"title": "Server-Side Request Forgery (SSRF)",
"occurrence": {
"critical": 0,
"major": 0,
"minor": 0,
"total": 0
}
}
]
}
}
}
}
Objects
AccountReportsNamespace
A namespace containing all the reports available in an Account.
Field | Type | Description |
---|---|---|
owaspTop10 | OwaspTop10Report! | The OWASP Top 10 report for an account. |
sansTop25 | SansTop25Report! | The SANS Top 25 report for an account. |
codeHealthTrend | CodeHealthTrendReport! | The Code Health Trend report for an account. |
issueDistribution | IssueDistributionReport! | The Issue Distribution report for an account. |
issuesPrevented | IssuesPreventedReport! | The Issues Prevented report for an account. |
issuesAutofixed | IssuesAutofixedReport! | The Issues Autofixed report for an account. |
RepositoryReportsNamespace
A namespace containing all the reports available in a Repository.
Field | Type | Description |
---|---|---|
owaspTop10 | OwaspTop10Report! | The OWASP Top 10 report for a repository. |
sansTop25 | SansTop25Report! | The SANS Top 25 report for a repository. |
codeHealthTrend | CodeHealthTrendReport! | The Code Health Trend report for a repository. |
issueDistribution | IssueDistributionReport! | The Issue Distribution report for a repository. |
issuesPrevented | IssuesPreventedReport! | The Issues Prevented report for a repository. |
issuesAutofixed | IssuesAutofixedReport! | The Issues Autofixed report for a repository. |
OwaspTop10Report
Represents the OWASP Top 10 report.
Field | Type | Description |
---|---|---|
key | ReportKey! | An enum that uniquely identifies a report. |
title | String! | The title of the report. |
currentValue | Int | The current value of the reported statistic. |
values | [ReportValueItem]! | The values of the report between the given start and end dates. |
startDate | Date! | The start date for the values. |
endDate | Date! | The end date for the values. |
trends | [Trend]! | The trends across 1 month, 3 months, 6 months and 12 months. |
status | ReportStatus! | The status of the report. |
securityIssueStats | [SecurityIssueStat]! | This contains all data regarding the occurrences of the compliance issues. |
SansTop25Report
Represents the SANS Top 25 report.
Field | Type | Description |
---|---|---|
key | ReportKey! | An enum that uniquely identifies a report. |
title | String! | The title of the report. |
currentValue | Int | The current value of the reported statistic. |
values | [ReportValueItem]! | The values of the report between the given start and end dates. |
startDate | Date! | The start date for the values. |
endDate | Date! | The end date for the values. |
trends | [Trend]! | The trends across 1 month, 3 months, 6 months and 12 months. |
status | ReportStatus! | The status of the report. |
securityIssueStats | [SecurityIssueStat]! | This contains all data regarding the occurrences of the compliance issues. |
CodeCoverageReport
Represents the Code Coverage report.
Field | Type | Description |
---|---|---|
key | ReportKey! | An enum that uniquely identifies a report. |
title | String! | The title of the report. |
repositories | CodeCoverageReportRepositoryConnection | The list of repositories along with their code coverage metric values. |
q | String | The query param to search the repositories by name. |
sortKey | CodeCoverageReportRepositorySortKey | An enum to sort the list of repositories by. |
offset | Int | The count of repositories to skip. |
before | String | A cursor to be used with last for backward pagination. |
after | String | The number of items to forward paginate. |
last | Int | The number of items to backward paginate. |
CodeHealthTrendReport
Represents the Code Health Trend report.
Field | Type | Description |
---|---|---|
key | ReportKey! | An enum that uniquely identifies a report. |
title | String! | The title of the report. |
currentValue | Int | The current value of the reported statistic. |
values | [ReportValueItem]! | The values of the report between the given start and end dates. |
startDate | Date! | The start date for the values. |
endDate | Date! | The end date for the values. |
trends | [Trend]! | The trends across 1 month, 3 months, 6 months and 12 months. |
IssueDistributionReport
Represents the Issue Distribution report.
Field | Type | Description |
---|---|---|
key | ReportKey! | An enum that uniquely identifies a report. |
title | String! | The title of the report. |
currentValue | Int | The current value of the reported statistic. |
values | [ReportValueItem]! | The values of the report between the given start and end dates. |
startDate | Date! | The start date for the values. |
endDate | Date! | The end date for the values. |
trends | [Trend]! | The trends across 1 month, 3 months, 6 months and 12 months. |
issueDistributionByAnalyzer | IssueDistribution! | Distribution of issues by analyzer. |
issueDistributionByCategory | IssueDistribution! | Distribution of issues by category. |
IssuesPreventedReport
Represents the Issues Prevented report.
Field | Type | Description |
---|---|---|
key | ReportKey! | An enum that uniquely identifies a report. |
title | String! | The title of the report. |
currentValue | Int | The current value of the reported statistic. |
values | [ReportValueItem]! | The values of the report between the given start and end dates. |
startDate | Date! | The start date for the values. |
endDate | Date! | The end date for the values. |
trends | [Trend]! | The trends across 1 month, 3 months, 6 months and 12 months. |
issueDistributionByAnalyzer | IssueDistribution! | Distribution of issues by analyzer. |
issueDistributionByCategory | IssueDistribution! | Distribution of issues by category. |
IssuesAutofixedReport
Represents the Issues Autofixed report.
Field | Type | Description |
---|---|---|
key | ReportKey! | An enum that uniquely identifies a report. |
title | String! | The title of the report. |
currentValue | Int | The current value of the reported statistic. |
values | [ReportValueItem]! | The values of the report between the given start and end dates. |
startDate | Date! | The start date for the values. |
endDate | Date! | The end date for the values. |
trends | [Trend]! | The trends across 1 month, 3 months, 6 months and 12 months. |
ReportValueItem
Represents the list of values recorded for a report on a specific date.
Field | Type | Description |
---|---|---|
date | Date! | The date the values were recorded on. |
values | ReportValue | The list of values recorded. |
ReportValue
Represents a recorded value in a report.
IssueDistribution
SecurityIssueStat
Field | Type | Description |
---|---|---|
key | String! | The key of the security issue. |
title | String! | Title of the security issue. |
occurrence | SeverityDistribution! | Denotes the count of occurrences of various security issues. |
SeverityDistribution
CodeCoverageReportRepositoryConnection
Field | Type | Description |
---|---|---|
pageInfo | PageInfo! | Pagination data for this connection. |
edges | [CodeCoverageReportRepositoryEdge]! | Contains the nodes in this connection. |
totalCount | Int | The total count of the nodes. |
CodeCoverageReportRepositoryEdge
Field | Type | Description |
---|---|---|
node | CodeCoverageReportRepository | The CodeCoverageReportRepository object. |
cursor | [String]! | The cursor to be used for pagination. |
CodeCoverageReportRepository
Field | Type | Description |
---|---|---|
name | [String]! | The name of the repository. |
id | [ID]! | The ID of the repository. |
lcvMetricValue | [Float] | The LCV metric value for the repository. |
bcvMetricValue | [Float] | The BCV metric value for the repository. |
isLcvPassing | [Boolean] | Whether the LCV value is passing the threshold set for the metric. |
isBcvPassing | [Boolean] | Whether the BCV value is passing the threshold set for the metric. |
Trend
Compares the report value across different time periods.
Deprecated
The following GraphQL interfaces & objects have been deprecated and will be removed soon.
Interfaces
Report
Represents the report associated with an Account or Repository.
Field | Type | Description |
---|---|---|
key | ReportKey! | This is an enum that is used to uniquely identify a report. |
title | String! | Title of the report. |
currentValue | Int! | The current value of the reported statistic. |
historicalValues | [HistoricalValueItem]! | The historical data of the report. |
startDate | Date! | The start date for the historical values. |
endDate | Date! | The end date for the historical values. |
trends | [Trend]! | The trends across 1 month, 3 months, 6 months and 12 months. |
Objects
ComplianceReport
Represents a compliance report. Currently there are two compliance reports: OWASP_TOP_10 and SANS_TOP_25.
Implements the Report interface.
Field | Type | Description |
---|---|---|
key | ReportKey! | This is an enum that is used to uniquely identify a report. |
title | String! | Title of the report. |
currentValue | Int! | The current value of the reported statistic. |
historicalValues | [HistoricalValueItem]! | The historical data of the report. |
startDate | Date! | The start date for the historical values. |
endDate | Date! | The end date for the historical values. |
trends | [Trend]! | The trends across 1 month, 3 months, 6 months and 12 months. |
complianceIssueStats | [ComplianceIssueStat]! | This contains all data regarding the occurrences of the compliance issues. |
ComplianceIssueStat
Field | Type | Description |
---|---|---|
key | String! | The key of the compliance issue. |
title | String! | Title of the compliance issue. |
occurrence | ComplianceIssueOccurrenceCount! | Denotes the count of occurrences of various compliance issues. |
ComplianceIssueOccurrenceCount
HistoricalValue
HistoricalValueItem
Field | Type | Description |
---|---|---|
date | Date! | Date of the recorded value. |
values | [HistoricalValue]! | A list of values recorded on the associated date. |